Salt Typhoon Reportedly Hacks AT&T, Verizon, Lumen

One cybersecurity expert calls the hack a blatant sign of cyber espionage by China.

Edward Gately, Senior News Editor

October 7, 2024

Chinese hacker group Salt Typhoon has reportedly hacked AT&T, Verizon and Lumen Technologies, potentially compromising wiretap systems.

The Wall Street Journal first reported the news. Chinese hackers may have gained access to systems used by federal authorities for court-approved eavesdropping.

AT&T, Verizon and Lumen all declined to comment.

According to NBC News, Air Force Gen. Timothy Haugh, who heads the National Security Agency, said the hack is under investigation and that it’s premature to discuss the case.

Dan Schiappa, Arctic Wolf’s chief product and services officer, said that in January, FBI Director Christopher Wray warned federal officials that China is arming itself for a cyber offensive against the United States.

“That time is now,” he said. “Breaching American communications infrastructure is the People’s Republic of China’s most blatant sign of cyber espionage in modern history, and compromising the largest telecom businesses in the country proves that there’s no upper limit for Beijing-tied advanced persistent threat (APT) threats. Businesses need to be cognizant of the potential for espionage, theft or destruction that these groups pose, but thwarting operations like Volt Typhoon and Salt Typhoon will require our elected officials to reassess and reallocate resources toward our national cybersecurity strategy.”

Salt Typhoon Hack ‘Deeply Concerning’

Tamir Passi, senior product director at DoControl, said this alleged Salt Typhoon hack of major U.S. telecom companies is “deeply concerning, but not surprising.”

“We've long known that China engages in aggressive cyber espionage targeting critical infrastructure and sensitive data,” he said. “What's particularly alarming here is the potential access to wiretapping systems used by law enforcement. If true, this could give Chinese intelligence unprecedented visibility into U.S. surveillance operations.”

While it's still early in the investigation, this incident highlights the critical importance of securing not just core systems, but also the complex web of third-party integrations and data flows that exist in modern telecom environments, Passi said.

“The potential outcomes of this hack could be far-reaching and severe,” he said. “Beyond the immediate national security implications, there's a significant risk of the stolen data being weaponized for sophisticated social engineering attacks. If the hackers gained access to wiretapping systems, they could have obtained a treasure trove of sensitive conversations and personal information. This data could be used to craft highly targeted phishing campaigns or even blackmail attempts against individuals in positions of power or with access to valuable information.

“Moreover,” Passi continued, “understanding the targets and methods of U.S. surveillance operations could allow Chinese intelligence to help their assets evade detection or feed disinformation into our intelligence channels. This could have cascading effects on national security, diplomatic relations and even economic competitiveness.”

Thorough Audits Needed

For telecom companies and their customers, the immediate priority should be conducting a thorough audit of access logs and unusual activity patterns, Passi said.

“But longer term, this is a wake-up call to re-evaluate security architectures and access controls, especially around sensitive capabilities like lawful interception systems,” he said.

Dave Gerry, Bugcrowd’s CEO, said if the target is indeed information about federal wiretapping systems, the effects of this could be felt at the federal, state and even local level.

“This information would be hugely valuable to criminals, organized crime and global threat actors to understand the methods, process and evidence that the federal government has leading up to prosecution,” he said.

Comcast Customers Caught In FBCS Data Breach

In other cybercrime news, more than 237,000 Comcast customers have had their personal information compromised in a security incident at Financial Business and Consumer Solutions (FBCS), a debt collection agency. Comcast previously used FBCS.

That’s according to Bleeping Computer. The breach occurred in February and threat actors stole customers’ names, Social Security numbers, dates of birth, account information and drivers’ licenses or ID cards.

According to a filing with the Maine Attorney General’s Office, the FBCS breach was discovered in July and 237,703 Comcast customers were impacted.

We couldn’t reach Comcast for a comment.

Akhil Mittal, senior manager of cybersecurity strategy and solutions at Black Duck, formerly Synopsys Software Integrity Group, said this breach highlights a growing trend in cybersecurity of risks posed by third-party vendors.

“While organizations are getting better at securing their own systems, they also need to think about the partners they work and rely on,” he said. “If you're a Comcast customer, the best thing to do right now is take some simple, but important steps — monitor your credit, set up fraud alerts and update your passwords.”

What’s really important is for organizations to take a closer look at how they vet their vendors, Mittal said. They can’t just rely on trust when it comes to suppliers.

“With more ransomware attacks targeting third parties, organizations can’t afford to overlook vendor security anymore,” he said. “At the end of the day, cybersecurity is a shared responsibility. Organizations and their partners must collaborate to create a secure and transparent ecosystem. Customers should ask for more transparency about how their data is handled, and organizations should prioritize vendor assessments as much as their own defenses.”

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
